Summary: | Plasma crash on quit | ||
---|---|---|---|
Product: | [Plasma] plasmashell | Reporter: | Kai Uwe Broulik <kde> |
Component: | general | Assignee: | David Edmundson <kde> |
Status: | RESOLVED FIXED | ||
Severity: | crash | CC: | bhush94, opensuse.lietuviu.kalba, plasma-bugs, supernerdboy |
Priority: | NOR | Keywords: | drkonqi |
Version: | master | ||
Target Milestone: | 1.0 | ||
Platform: | unspecified | ||
OS: | Linux | ||
Latest Commit: | http://commits.kde.org/plasma-desktop/389aef07d6adce84aaffedd065004a37b74f6aae | Version Fixed In: | |
Sentry Crash Report: |
Description
Kai Uwe Broulik
2015-12-29 22:22:44 UTC
I'm 85% sure I know what it is.

Clue 1: I have a valgrind warning, but no crash.

```
==23261== Invalid read of size 8
==23261==    at 0x73A12D5: QQuickItem::~QQuickItem() (qquickitem.cpp:2377)
==23261==    by 0x7418040: QQmlPrivate::QQmlElement<QQuickItem>::~QQmlElement() (qqmlprivate.h:104)
==23261==    by 0x7418061: QQmlPrivate::QQmlElement<QQuickItem>::~QQmlElement() (qqmlprivate.h:104)
==23261==    by 0xBAA479F: QObjectPrivate::deleteChildren() (qobject.cpp:1970)
==23261==    by 0xBAA2DBC: QObject::~QObject() (qobject.cpp:1041)
==23261==    by 0x73A15E1: QQuickItem::~QQuickItem() (qquickitem.cpp:2342)
==23261==    by 0x279DBA01: DeclarativeDropArea::~DeclarativeDropArea() (DeclarativeDropArea.h:31)
==23261==    by 0x279DDB7E: QQmlPrivate::QQmlElement<DeclarativeDropArea>::~QQmlElement() (qqmlprivate.h:104)
==23261==    by 0x279DDB9F: QQmlPrivate::QQmlElement<DeclarativeDropArea>::~QQmlElement() (qqmlprivate.h:104)
==23261==    by 0x505DF71: PlasmaQuick::AppletQuickItem::~AppletQuickItem() (appletquickitem.cpp:425)
==23261==    by 0x225A9648: AppletInterface::~AppletInterface() (appletinterface.cpp:122)
==23261==    by 0x225CAE5C: ContainmentInterface::~ContainmentInterface() (containmentinterface.h:50)
==23261==  Address 0x27722520 is 32 bytes inside a block of size 48 free'd
==23261==    at 0x4C2B1C6: operator delete(void*) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23261==    by 0x279B2504: QQmlPrivate::QQmlElement<QQuickGridLayout>::~QQmlElement() (qqmlprivate.h:104)
==23261==    by 0xBAA479F: QObjectPrivate::deleteChildren() (qobject.cpp:1970)
==23261==    by 0xBAA2DBC: QObject::~QObject() (qobject.cpp:1041)
==23261==    by 0x73A15E1: QQuickItem::~QQuickItem() (qquickitem.cpp:2342)
==23261==    by 0x279DBA01: DeclarativeDropArea::~DeclarativeDropArea() (DeclarativeDropArea.h:31)
==23261==    by 0x279DDB7E: QQmlPrivate::QQmlElement<DeclarativeDropArea>::~QQmlElement() (qqmlprivate.h:104)
==23261==    by 0x279DDB9F: QQmlPrivate::QQmlElement<DeclarativeDropArea>::~QQmlElement() (qqmlprivate.h:104)
==23261==    by 0x505DF71: PlasmaQuick::AppletQuickItem::~AppletQuickItem() (appletquickitem.cpp:425)
==23261==    by 0x225A9648: AppletInterface::~AppletInterface() (appletinterface.cpp:122)
==23261==    by 0x225CAE5C: ContainmentInterface::~ContainmentInterface() (containmentinterface.h:50)
==23261==    by 0x225CAE81: ContainmentInterface::~ContainmentInterface() (containmentinterface.h:50)
```

so it's trying to delete an object that's already been deleted by itself. Which implies it's the children() gets muddled about during a QQuickItem's destructor. I've seen this before in a different place (https://bugreports.qt.io/browse/QTBUG-55460) on a work project with an item that reparented itself whilst the parent was deleting the children.

Clue 2: I went looking for declarativeDropAreas with children in gammaray. The only one I've seen is the panel containment plasma-desktop/containments/panel/contents/ui/ lastSpacer will move between being parented between root and nothing depending on items. I think it's changing parents whilst root is tearing down, moving to the layout, getting deleted by that..but it's still in the list of items for root to kill .. and then BAM.

If it is that, ideally we should write a test case and fix Qt. But we should probably work around it here, probably by not reparenting willy nilly and just set visible to false.

*** Bug 368079 has been marked as a duplicate of this bug. ***

*** Bug 368029 has been marked as a duplicate of this bug. ***

Git commit 389aef07d6adce84aaffedd065004a37b74f6aae by David Edmundson.
Committed on 13/09/2016 at 15:17.
Pushed by davidedmundson into branch 'master'.

Simplify Panel lastSpacer + fix crash

Summary:
The panel contains an invisible Item lastSpacer, who will fill the width of the layout if no other applet has Layout.fillWidth/Height set, keeping all applets left aligned.

Previously this worked by reparenting the invisible item in/out of the layout to the root item. This seems overkill when we can just toggle visibility. I think the code existed from before the panel was managed by a Layout.

Worse, the current code leads to a potential crash on teardown. The root gets deleted, starting a foreach(child, children) {child->delete} This kills the task bar, which means we reparent the spacer to the layout. The layout then finishes killing the children and kills the spacer. We then get back to the root objects dtor which is now deleting a previously deleted object. See bug report.

This patch also fixes the fact that addApplet/removeApplet had a slightly different check to see if the spacer is needed or not, fixing a hypothetical bug if you had a Hidden applet with fillWidth: true.

Test Plan:
In both horizontal and vertical:
- have a panel without a task manager
- add a task manager
- remove a task manager

Reviewers: #plasma, mart

Reviewed By: mart

Subscribers: plasma-devel

Tags: #plasma

Differential Revision: https://phabricator.kde.org/D2742

M +1 -5 containments/panel/contents/code/LayoutManager.js
M +19 -50 containments/panel/contents/ui/main.qml

http://commits.kde.org/plasma-desktop/389aef07d6adce84aaffedd065004a37b74f6aae
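The teardown sequence from the commit message, as an added example that is not part of the original report and is not Qt or Plasma code. It is a simplified arena model in which "delete" only sets a flag, so the stale second delete is counted rather than executed; `Panel`, `fillAppletGone` and `staleDeletesOnQuit` are hypothetical names, and the rule that a parent already deleting its children keeps the spacer in its list is an assumption taken from the report.

```cpp
#include <algorithm>
#include <cstdio>
#include <string>
#include <vector>

// Simplified model of parent-owned teardown; this is NOT Qt's QObject code.
struct Node {
    std::string name;
    std::vector<int> kids;
    bool freed = false, visible = true, tearingDown = false;
};

struct Panel {
    std::vector<Node> n;
    bool reparentSpacer;  // true: pre-fix reparenting, false: visibility toggle
    int root, layout, spacer, spacerParent, staleDeletes = 0;

    explicit Panel(bool reparent) : reparentSpacer(reparent) {
        root = add("root", -1);
        layout = add("layout", root);
        add("taskManager", layout);
        // Pre-fix: spacer is parked on root. Post-fix: it stays in the layout, hidden.
        spacerParent = reparent ? root : layout;
        spacer = add("lastSpacer", spacerParent);
        n[spacer].visible = false;
    }
    int add(const std::string& name, int parent) {
        Node node; node.name = name; n.push_back(node);
        if (parent >= 0) n[parent].kids.push_back((int)n.size() - 1);
        return (int)n.size() - 1;
    }
    // No applet fills the width any more, so the spacer has to.
    void fillAppletGone() {
        if (!reparentSpacer) { n[spacer].visible = true; return; }
        if (spacerParent == layout) return;
        // Assumption from the report: a root that is already deleting its
        // children still has the spacer in its to-delete list afterwards.
        auto& k = n[root].kids;
        if (!n[root].tearingDown) k.erase(std::remove(k.begin(), k.end(), spacer), k.end());
        n[layout].kids.push_back(spacer); spacerParent = layout;
    }
    void destroy(int id) {
        if (n[id].freed) { ++staleDeletes; return; }  // real code: use-after-free
        n[id].tearingDown = true;
        for (std::size_t i = 0; i < n[id].kids.size(); ++i) destroy(n[id].kids[i]);
        n[id].freed = true;
        if (n[id].name == "taskManager") fillAppletGone();
    }
};

int staleDeletesOnQuit(bool reparent) { Panel p(reparent); p.destroy(p.root); return p.staleDeletes; }
int main() { std::printf("%d %d\n", staleDeletesOnQuit(true), staleDeletesOnQuit(false)); }
```

Reparenting outside teardown is clean in this model; only the move that happens while root is iterating its children leaves the spacer owned twice.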